Issues (4335)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to read local files that they should not be able to access, for example files containing database credentials or other configuration.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting lets an attacker inject line breaks (CR/LF) into a response header so that the server emits attacker-controlled headers, or even an entire second response, to the client.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is used for authentication, for example, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/login-register.php (16 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php
/**
 * Login / Register Functions
 *
 * @package     Give
 * @subpackage  Functions/Login
 * @copyright   Copyright (c) 2016, GiveWP
 * @license     https://opensource.org/licenses/gpl-license GNU Public License
 * @since       1.0
 */

// Exit if accessed directly.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Login Form
 *
 * @since 1.0
 * @global       $give_login_redirect
 * @global       $give_logout_redirect
 *
 * @param string $login_redirect  Login redirect page URL
 * @param string $logout_redirect Logout redirect page URL
 *
 * @return string Login form
 */
function give_login_form( $login_redirect = '', $logout_redirect = '' ) {

	if ( empty( $login_redirect ) ) {
		$login_redirect = add_query_arg( 'give-login-success', 'true', give_get_history_page_uri() );
	}

	if ( empty( $logout_redirect ) ) {
		$logout_redirect = add_query_arg( 'give-logout-success', 'true', give_get_current_page_url() );
	}

	// Add user_logout action to logout url.
	$logout_redirect = add_query_arg(
		array(
			'give_action'          => 'user_logout',
			'give_logout_nonce'    => wp_create_nonce( 'give-logout-nonce' ),
			'give_logout_redirect' => urlencode( $logout_redirect ),
		),
		home_url( '/' )
	);

	ob_start();

	give_get_template(
		'shortcode-login',
		array(
			'give_login_redirect'  => $login_redirect,
			'give_logout_redirect' => $logout_redirect,
		)
	);

	return apply_filters( 'give_login_form', ob_get_clean() );
}

/**
 * Registration Form
 *
 * @since 2.0
 * @global       $give_register_redirect
 *
 * @param string $redirect Redirect page URL
 *
 * @return string Register form
 */
function give_register_form( $redirect = '' ) {
	if ( empty( $redirect ) ) {
		$redirect = give_get_current_page_url();
	}

	ob_start();

	if ( ! is_user_logged_in() ) {
		give_get_template(
			'shortcode-register',
			array(
				'give_register_redirect' => $redirect,
			)
		);
	}

	return apply_filters( 'give_register_form', ob_get_clean() );
}

/**
 * Process Login Form
 *
 * @since 1.0
 *
 * @param array $data Data sent from the login form
 *
 * @return void
 */
function give_process_login_form( $data ) {

	if ( wp_verify_nonce( $data['give_login_nonce'], 'give-login-nonce' ) ) {

		// Set Receipt Access Session.
		if ( ! empty( $_GET['donation_id'] ) ) {
			// Issue: Detected access of super global var $_GET, probably need manual inspection.
			Give()->session->set( 'receipt_access', true );
		}

		$user_data = get_user_by( 'login', $data['give_user_login'] );

		if ( ! $user_data ) {
			$user_data = get_user_by( 'email', $data['give_user_login'] );
		}

		if ( $user_data ) {

			$user_id = $user_data->ID;

			if ( wp_check_password( $data['give_user_pass'], $user_data->user_pass, $user_id ) ) {
				give_log_user_in( $user_data->ID, $data['give_user_login'], $data['give_user_pass'] );
			} else {
				give_set_error( 'password_incorrect', __( 'The password you entered is incorrect.', 'give' ) );
			}
		} else {
			give_set_error( 'username_incorrect', __( 'The username you entered does not exist.', 'give' ) );
		}

		// Check for errors and redirect if none present.
		$errors = give_get_errors();

		if ( ! $errors ) {
			$redirect = apply_filters( 'give_login_redirect', $data['give_login_redirect'], $user_id );
			wp_redirect( $redirect );
			give_die();
		}
	}
}


add_action( 'give_user_login', 'give_process_login_form' );
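The login handler above resolves the user itself and then calls wp_check_password(). As an added example (not GiveWP's code, and not a description of its behaviour), the same flow can be routed through WordPress's own sign-on pipeline so that the 'authenticate' filter chain, the 'wp_login_failed' action and the auth-cookie handling all come from core. The function name is hypothetical; it assumes $data is the slashed $_POST array WordPress hands to request handlers, and it reuses give_set_error() and give_die() from the file above.

```php
<?php
// Added example, not part of includes/login-register.php.
// Assumes $data is WordPress's slashed $_POST array; function name is hypothetical.
function give_process_login_form_hardened( $data ) {

	// 1. Reject the request outright if the nonce is missing or stale.
	if ( empty( $data['give_login_nonce'] ) || ! wp_verify_nonce( $data['give_login_nonce'], 'give-login-nonce' ) ) {
		give_set_error( 'nonce_failed', __( 'Security check failed. Please reload the page and try again.', 'give' ) );
		return;
	}

	// 2. Unslash everything; sanitize the login but never the password,
	//    since a sanitizer would silently alter valid passwords.
	$login    = isset( $data['give_user_login'] ) ? sanitize_text_field( wp_unslash( $data['give_user_login'] ) ) : '';
	$password = isset( $data['give_user_pass'] ) ? wp_unslash( $data['give_user_pass'] ) : '';

	if ( '' === $login || '' === $password ) {
		give_set_error( 'login_invalid', __( 'Invalid username or password.', 'give' ) );
		return;
	}

	// 3. wp_signon() runs the 'authenticate' filter chain (username and
	//    e-mail lookup, password check, and any brute-force or 2FA plugin
	//    hooks), fires 'wp_login_failed' on failure, and on success sets the
	//    auth cookie and fires 'wp_login'.
	$user = wp_signon(
		array(
			'user_login'    => $login,
			'user_password' => $password,
			'remember'      => false,
		),
		is_ssl()
	);

	// 4. One message for every failure, so the response does not reveal
	//    whether the account exists.
	if ( is_wp_error( $user ) ) {
		give_set_error( 'login_invalid', __( 'Invalid username or password.', 'give' ) );
		return;
	}

	// 5. Only follow redirect targets on this site's own host (or hosts
	//    allowed through the 'allowed_redirect_hosts' filter); anything
	//    else falls back to the home page.
	$redirect = isset( $data['give_login_redirect'] ) ? esc_url_raw( wp_unslash( $data['give_login_redirect'] ) ) : '';
	$redirect = apply_filters( 'give_login_redirect', $redirect, $user->ID );
	$redirect = wp_validate_redirect( $redirect, home_url( '/' ) );

	wp_safe_redirect( $redirect );
	give_die();
}
```

wp_signon() accepts an e-mail address in user_login through core's wp_authenticate_email_password filter, so the separate get_user_by( 'email' ) lookup is not needed. The redirect validation in step 5 applies wherever a redirect target arrives in the request, the logout redirect included.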


/**
 * Process User Logout
 *
 * @since 1.0
 *
 * @param array $data Data sent from the give login form page
 *
 * @return void
 */
function give_process_user_logout( $data ) {
	if ( wp_verify_nonce( $data['give_logout_nonce'], 'give-logout-nonce' ) && is_user_logged_in() ) {

		// Prevent occurring of any custom action on wp_logout.
		remove_all_actions( 'wp_logout' );

		/**
		 * Fires before processing user logout.
		 *
		 * @since 1.0
		 */
		do_action( 'give_before_user_logout' );

		// Logout user.
		wp_logout();

		/**
		 * Fires after processing user logout.
		 *
		 * @since 1.0
		 */
		do_action( 'give_after_user_logout' );

		wp_redirect( $data['give_logout_redirect'] );
		give_die();
	}
}

add_action( 'give_user_logout', 'give_process_user_logout' );

/**
 * Log User In
 *
 * @since 1.0
 *
 * @param int    $user_id    User ID
 * @param string $user_login Username
 * @param string $user_pass  Password
 *
 * @return bool
 */
function give_log_user_in( $user_id, $user_login, $user_pass ) {

	if ( $user_id < 1 ) {
		return false;
	}

	wp_set_auth_cookie( $user_id );
	wp_set_current_user( $user_id, $user_login );

	/**
	 * Fires after the user has successfully logged in.
	 *
	 * @since 1.0
	 *
	 * @param string  $user_login Username.
	 * @param WP_User $user       WP_User object of the logged-in user.
	 */
	do_action( 'wp_login', $user_login, get_userdata( $user_id ) );

	/**
	 * Fires after give user has successfully logged in.
	 *
	 * @since 1.0
	 *
	 * @param int    $user_id    User id.
	 * @param string $user_login Username.
	 * @param string $user_pass  User password.
	 */
	do_action( 'give_log_user_in', $user_id, $user_login, $user_pass );
}


/**
 * Process Register Form
 *
 * @since 2.0
 *
 * @param array $data Data sent from the register form
 *
 * @return bool
 */
function give_process_register_form( $data ) {

	if ( is_user_logged_in() ) {
		return false;
	}

	if ( empty( $_POST['give_register_submit'] ) ) {
		// Issue: Detected access of super global var $_POST, probably need manual inspection.
		return false;
	}

	/**
	 * Fires before processing user registration.
	 *
	 * @since 1.0
	 */
	do_action( 'give_pre_process_register_form' );

	if ( empty( $data['give_user_login'] ) ) {
		give_set_error( 'empty_username', esc_html__( 'Invalid username.', 'give' ) );
	}

	if ( username_exists( $data['give_user_login'] ) ) {
		give_set_error( 'username_unavailable', esc_html__( 'Username already taken.', 'give' ) );
	}

	if ( ! validate_username( $data['give_user_login'] ) ) {
		give_set_error( 'username_invalid', esc_html__( 'Invalid username.', 'give' ) );
	}

	if ( email_exists( $data['give_user_email'] ) ) {
		give_set_error( 'email_unavailable', esc_html__( 'Email address already taken.', 'give' ) );
	}

	if ( empty( $data['give_user_email'] ) || ! is_email( $data['give_user_email'] ) ) {
		give_set_error( 'email_invalid', esc_html__( 'Invalid email.', 'give' ) );
	}

	if ( ! empty( $data['give_payment_email'] ) && $data['give_payment_email'] != $data['give_user_email'] && ! is_email( $data['give_payment_email'] ) ) {
		give_set_error( 'payment_email_invalid', esc_html__( 'Invalid payment email.', 'give' ) );
	}

	if ( empty( $_POST['give_user_pass'] ) ) {
		// Issue: Detected access of super global var $_POST, probably need manual inspection.
		give_set_error( 'empty_password', esc_html__( 'Please enter a password.', 'give' ) );
	}

	if ( ( ! empty( $_POST['give_user_pass'] ) && empty( $_POST['give_user_pass2'] ) ) || ( $_POST['give_user_pass'] !== $_POST['give_user_pass2'] ) ) {
		// Issue: Detected access of super global var $_POST, probably need manual inspection.
		// Issue: Detected usage of a non-sanitized input variable: $_POST
		give_set_error( 'password_mismatch', esc_html__( 'Passwords don\'t match.', 'give' ) );
	}

	/**
	 * Fires while processing user registration.
	 *
	 * @since 1.0
	 */
	do_action( 'give_process_register_form' );

	// Check for errors and redirect if none present
	$errors = give_get_errors();

	if ( empty( $errors ) ) {

		$redirect = apply_filters( 'give_register_redirect', $data['give_redirect'] );

		give_register_and_login_new_user( array(
			'user_login'      => $data['give_user_login'],
			'user_pass'       => $data['give_user_pass'],
			'user_email'      => $data['give_user_email'],
			'user_registered' => date( 'Y-m-d H:i:s' ),
			'role'            => get_option( 'default_role' ),
		) );

		wp_redirect( $redirect );
		give_die();
	}
}

add_action( 'give_user_register', 'give_process_register_form' );


/**
 * Email access login form.
 *
 * @since 1.8.17
 *
 * @return bool
 */
function give_email_access_login() {

	// Verify nonce.
	if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'give' ) ) {
		// Issue: Detected access of super global var $_POST, probably need manual inspection.
		// Issue: Detected usage of a non-sanitized input variable: $_POST
		return false;
	}

	// Need email to proceed.
	$email = isset( $_POST['give_email'] ) ? give_clean( $_POST['give_email'] ) : '';
	// Issue: Detected access of super global var $_POST, probably need manual inspection.
	// Issue: Detected usage of a non-sanitized input variable: $_POST
	if ( empty( $email ) ) {
		give_set_error( 'give_empty_email', __( 'Please enter the email address you used for your donation.', 'give' ) );
	}

	$recaptcha_key    = give_get_option( 'recaptcha_key' );
	$recaptcha_secret = give_get_option( 'recaptcha_secret' );
	$enable_recaptcha = ( give_is_setting_enabled( give_get_option( 'enable_recaptcha' ) ) ) && ! empty( $recaptcha_key ) && ! empty( $recaptcha_secret ) ? true : false;

	// Use reCAPTCHA.
	if ( $enable_recaptcha ) {

		$args = array(
			'secret'   => $recaptcha_secret,
			'response' => $_POST['g-recaptcha-response'],
			// Issue: Detected access of super global var $_POST, probably need manual inspection.
			// Issue: Detected usage of a non-validated input variable: $_POST
			// Issue: Detected usage of a non-sanitized input variable: $_POST
			'remoteip' => $_POST['give_ip'],
			// Issue: Detected access of super global var $_POST, probably need manual inspection.
			// Issue: Detected usage of a non-validated input variable: $_POST
			// Issue: Detected usage of a non-sanitized input variable: $_POST
		);

		if ( ! empty( $args['response'] ) ) {
			$request = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', array(
				'body' => $args,
			) );
			if ( ! is_wp_error( $request ) || 200 == wp_remote_retrieve_response_code( $request ) ) {

				$response = json_decode( $request['body'], true );

				// reCAPTCHA fail.
				if ( ! $response['success'] ) {
					give_set_error( 'give_recaptcha_test_failed', apply_filters( 'give_recaptcha_test_failed_message', __( 'reCAPTCHA test failed.', 'give' ) ) );
				}
			} else {

				// Connection issue.
				give_set_error( 'give_recaptcha_connection_issue', apply_filters( 'give_recaptcha_connection_issue_message', __( 'Unable to connect to reCAPTCHA server.', 'give' ) ) );

			}  // End if().
		} else {

			give_set_error( 'give_recaptcha_failed', apply_filters( 'give_recaptcha_failed_message', __( 'It looks like the reCAPTCHA test has failed.', 'give' ) ) );

		}  // End if().
	}  // End if().

	// If no errors or only expired token key error - then send email.
	if ( ! give_get_errors() ) {

		$donor = Give()->donors->get_donor_by( 'email', $email );
		// Issue: $email is of type string|array, but the function expects an integer. It seems like the
		// type of the argument is not accepted by the function/method you are calling. In some cases, in
		// particular if PHP's automatic type juggling kicks in, this might be fine; in other cases it might
		// be a bug. The analyzer suggests an explicit cast, e.g. acceptsInteger( (integer) $x ) instead of
		// acceptsInteger( $x ).
		Give()->email_access->init();

		// Verify that donor object is present and donor is connected with its user profile or not.
		if ( is_object( $donor ) ) {

			// Verify that email can be sent.
			if ( ! Give()->email_access->can_send_email( $donor->id ) ) {

				$_POST['email-access-exhausted'] = true;

				return false;

			} else {
				// Send the email. Requests not
				$email_sent = Give()->email_access->send_email( $donor->id, $donor->email );

				if ( ! $email_sent ) {
					give_set_error( 'give_email_access_send_issue', __( 'Unable to send email. Please try again.', 'give' ) );
					return false;
				}

				$_POST['email-access-sent'] = true;

				return true;
			}
		} else {

			give_set_error( 'give-no-donations', __( 'We were unable to find any donations associated with the email address provided. Please try again using another email.', 'give' ) );

		}
	} // End if().

}

add_action( 'give_email_access_form_login', 'give_email_access_login' );
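Most of the findings in this file are the analyzer flagging direct reads of $_POST. As an added example (not GiveWP's code), the email-access handler above can be written so that every request field passes through isset(), wp_unslash() and a sanitizer before use, and the reCAPTCHA verification only trusts the siteverify body once both the transport and the HTTP status have been checked. Function names are hypothetical; give_set_error(), give_get_option(), give_is_setting_enabled() and the Give()->donors / Give()->email_access calls are taken from the file above, and the hostname check assumes the standard web reCAPTCHA widget, whose siteverify response carries a hostname field.

```php
<?php
// Added example, not part of includes/login-register.php. Function names are hypothetical.

/**
 * Verify a reCAPTCHA token against Google's siteverify endpoint.
 *
 * @return true|WP_Error True when the token verified for this site, WP_Error otherwise.
 */
function give_verify_recaptcha_hardened( $secret, $token, $remote_ip ) {
	if ( '' === $token ) {
		return new WP_Error( 'give_recaptcha_failed', __( 'It looks like the reCAPTCHA test has failed.', 'give' ) );
	}

	$request = wp_remote_post(
		'https://www.google.com/recaptcha/api/siteverify',
		array(
			'timeout' => 10,
			'body'    => array(
				'secret'   => $secret,
				'response' => $token,
				'remoteip' => $remote_ip,
			),
		)
	);

	// A transport error and a non-200 status are each treated as "not verified";
	// the body is only decoded when neither occurred.
	if ( is_wp_error( $request ) || 200 !== (int) wp_remote_retrieve_response_code( $request ) ) {
		return new WP_Error( 'give_recaptcha_connection_issue', __( 'Unable to connect to reCAPTCHA server.', 'give' ) );
	}

	$body = json_decode( wp_remote_retrieve_body( $request ), true );

	// Require an explicit boolean true and a hostname that matches this site,
	// so a token solved on another domain with the same site key is rejected.
	$site_host = wp_parse_url( home_url(), PHP_URL_HOST );
	$success   = is_array( $body ) && isset( $body['success'] ) && true === $body['success'];
	$host_ok   = is_array( $body ) && ! empty( $body['hostname'] ) && 0 === strcasecmp( $body['hostname'], $site_host );

	if ( ! $success || ! $host_ok ) {
		return new WP_Error( 'give_recaptcha_test_failed', __( 'reCAPTCHA test failed.', 'give' ) );
	}

	return true;
}

function give_email_access_login_hardened() {
	// Nonce first; nothing else is read until it checks out.
	$nonce = isset( $_POST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) ) : '';
	if ( ! wp_verify_nonce( $nonce, 'give' ) ) {
		return false;
	}

	// sanitize_email() strips characters that cannot be part of an address;
	// is_email() then rejects what is left if it still is not a valid address.
	$email = isset( $_POST['give_email'] ) ? sanitize_email( wp_unslash( $_POST['give_email'] ) ) : '';
	if ( '' === $email || ! is_email( $email ) ) {
		give_set_error( 'give_empty_email', __( 'Please enter the email address you used for your donation.', 'give' ) );
		return false;
	}

	$recaptcha_key    = give_get_option( 'recaptcha_key' );
	$recaptcha_secret = give_get_option( 'recaptcha_secret' );
	if ( give_is_setting_enabled( give_get_option( 'enable_recaptcha' ) ) && ! empty( $recaptcha_key ) && ! empty( $recaptcha_secret ) ) {
		$token = isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : '';
		// The client address comes from the server's view of the connection,
		// not from a form field the client can set to any value.
		$remote_ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';

		$verified = give_verify_recaptcha_hardened( $recaptcha_secret, $token, $remote_ip );
		if ( is_wp_error( $verified ) ) {
			give_set_error( $verified->get_error_code(), $verified->get_error_message() );
			return false;
		}
	}

	// Lookup and send, with a validated address rather than whatever was posted.
	$donor = Give()->donors->get_donor_by( 'email', $email );
	if ( ! is_object( $donor ) ) {
		give_set_error( 'give-no-donations', __( 'We were unable to find any donations associated with the email address provided. Please try again using another email.', 'give' ) );
		return false;
	}

	Give()->email_access->init();
	if ( ! Give()->email_access->can_send_email( $donor->id ) ) {
		return false;
	}

	$sent = (bool) Give()->email_access->send_email( $donor->id, $donor->email );
	if ( ! $sent ) {
		give_set_error( 'give_email_access_send_issue', __( 'Unable to send email. Please try again.', 'give' ) );
	}

	return $sent;
}
```

Returning a WP_Error from the verifier keeps the three outcomes (missing token, endpoint unreachable, token rejected) distinct for logging while the caller still treats all of them as a failed check. If the site sits behind a proxy, REMOTE_ADDR is the proxy's address; derive the client address from the proxy's configured forwarding header only when that header is set by your own infrastructure.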